Privacy Policy

Wraptureis a food business operating from Asaba, Delta State, Nigeria. Under the Nigeria Data Protection Act 2023 (“NDPA”) we are the data controller for the personal data described in this policy. Our processor for payments is Paystack Payments Limited.

You can reach our data point of contact on the WhatsApp number listed on the Contact page, or by email at privacy@wrapture.ng (placeholder).

We only collect what we need to take and deliver your order:

• Identity & contact: name, phone number, email, delivery address.
• Order data: items, quantities, totals, delivery notes, the 6-digit tracking number, status history.
• Payment metadata: Paystack reference and transaction ID. We do not see or store your card number, CVV, PIN, OTP or bank credentials — Paystack handles those under PCI-DSS.
• Communications: WhatsApp messages exchanged with our ops line in connection with your order (we log the inbound command, the staff number and our reply).
• Account data: the password hash if you create a password, or the linked Google account if you sign in with Google.
• Technical data:IP address, browser, basic device info and limited cookies (see § on cookies below).

We process your data for the following purposes, on the corresponding legal bases under NDPA section 25:

• To fulfil your order — taking payment, preparing food, dispatching a rider, updating you over WhatsApp. Lawful basis: performance of a contract.
• To run our business — fraud prevention, refund handling, dispute resolution, basic analytics, tax records. Lawful basis: legitimate interest, balanced against your rights.
• To comply with the law — including the Cybercrime Act 2015 and tax legislation. Lawful basis: legal obligation.
• To send you marketing — only with your prior consent, and only if you opt in. You can withdraw consent at any time by replying STOP on WhatsApp or unsubscribing by email. Lawful basis: consent.

We do not sell personal data. We share data only with the specific third parties needed to run the service:

• Paystack Payments Limited— for processing your payment. Paystack's own privacy notice applies to the data it handles directly: paystack.com/privacy.
• Meta Platforms, Inc. (WhatsApp Cloud API) — your phone number and the body of order-related WhatsApp messages. Subject to the WhatsApp Business Privacy Policy.
• Vercel Inc. — hosting the website and serverless functions. Logs IP addresses and request metadata for security.
• Neon Inc. — managed Postgres database that stores your orders, addresses and account data.
• Delivery riders — receive only the name, delivery address, phone number and tracking number needed to hand your order over.
• Authorities — when compelled by a valid court order, regulatory request or law-enforcement requirement under Nigerian law.

Our database is hosted in a Neon region inside the United States and our website infrastructure is hosted by Vercel, also a US-based provider. This means some of your personal data is transferred outside Nigeria.

We rely on the NDPA section 41 transfer mechanisms — namely contractual safeguards with each processor and your informed consent when you place an order — to ensure these transfers are lawful and that your data receives an adequate level of protection.

• Orders & tracking history: kept for 6 years from the order date to meet Nigerian tax-record requirements.
• Customer account data: kept while your account is active. Deleted within 30 days of account closure, except where we must keep specific records to meet a legal obligation.
• WhatsApp inbound logs: kept for 90 days for dispute resolution, then deleted.
• Marketing consents: kept until you withdraw them, plus 12 months as proof of consent.

As a data subject under the Nigeria Data Protection Act 2023, you have the right to:

• be informed about what we do with your data (this page);
• access the personal data we hold about you;
• rectify data that is wrong or incomplete;
• eraseyour data (the “right to be forgotten”), subject to retention obligations above;
• restrict or object to processing that we base on legitimate interest;
• data portability — receive a machine-readable copy of the data you have given us;
• withdraw consent at any time, without affecting processing that took place before withdrawal;
• lodge a complaint with the Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng.

To exercise any of these rights, WhatsApp us with the request and your order reference. We respond within 30 days as required by the NDPA.

The site uses a minimum of cookies and similar storage to work correctly. We do not use advertising cookies or third-party tracking beacons.

• Strictly necessary: a session cookie set by Better Auth to keep you signed in, and a small amount of localStorage that remembers what is in your cart between page loads. Cannot be turned off without breaking the site.
• Analytics (optional): if you opt in, PostHog captures anonymous pageviews and the events add_to_cart, checkout_start and order_placed to help us improve the menu and the flow. You can opt out at any time — see the cookie banner.

Wrapture is intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and believe your child has placed an order or supplied us with personal data, WhatsApp us and we will delete the data and cancel the order.

We protect your data with industry-standard measures:

• HTTPS / TLS on every page and API endpoint;
• encrypted passwords (hashed with a modern algorithm — never stored in plain text);
• signed webhooks for Paystack so we know payment events are genuine;
• staff-allowlisted WhatsApp ops line so only known numbers can change order status;
• least-privilege database access via a managed Postgres host.

No system is perfectly secure. If a breach affects your personal data we will notify the NDPC within 72 hours of becoming aware of it, and notify you directly without undue delay where the breach is likely to result in high risk to your rights — as required by NDPA section 40.

We may update this policy as the service evolves. The current version is always at this URL and the “Last updated” date at the top tracks the change. We will draw your attention to material changes the next time you visit checkout.

For any data-protection question, complaint or request, WhatsApp our ops line or email privacy@wrapture.ng. If you are not satisfied with how we respond you may complain to the Nigeria Data Protection Commission directly — ndpc.gov.ng.